Monitoring a Network Site to Detect Adverse Network Conditions

PublishedNovember 13, 2012

Assigneenot available in USPTO data we have

InventorsPaul G. Nordstrom Colin Bodell Craig A. Woods

Technical Abstract

Patent Claims

51 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A system configured to provide a subscription-based network protection service for multiple subscribing hosts, the system comprising: one or more processing devices; a network connection configured to communicatively couple the system to the multiple subscribing hosts via a network; and one or more modules configured to, when executed by the one or more processing devices, provide the subscription-based network protection service for the multiple subscribing hosts by, for each of the multiple subscribing hosts: obtaining information from the subscribing host for use in configuring protective assistance provided by the subscription-based network protection service to the subscribing host; configuring the protective assistance provided to the subscribing host in a manner specific to the subscribing host, the configuring including determining from the obtained information a triggering condition corresponding to the subscribing host for providing the protective assistance and a set of rules corresponding to the subscribing host for filtering network traffic directed to the subscribing host; monitoring for an occurrence of the determined triggering condition for the subscribing host; and upon detection of the occurrence of the determined triggering condition for the subscribing host, providing the protective assistance to the subscribing host in the manner specific to the subscribing host by, causing network traffic directed to the subscribing host to be rerouted to the subscription-based network protection service, wherein network traffic directed to the subscribing host prior to the detection of the triggering condition is not received by the subscription-based network protection service; filtering the network traffic rerouted to the network protection service according to the determined set of rules corresponding to the subscribing host; and forwarding at least some of the filtered network traffic to the subscribing host.

2. The system of claim 1 , wherein the detection of the occurrence of the determined triggering condition for each of one or more of the multiple subscribing hosts includes detecting a network communication from the subscribing host requesting protective assistance for the subscribing host.

3. The system of claim 1 , wherein the detection of the occurrence of the determined triggering condition for each of one or more of the multiple subscribing hosts includes receiving a communication from a user associated with the subscribing host requesting protective assistance for the subscribing host.

4. The system of claim 1 , wherein the detection of the occurrence of the determined triggering condition for each of one or more of the multiple subscribing hosts includes detecting an absence of a periodic communication from the subscribing host indicating that protective assistance is not required.

5. The system of claim 1 , wherein the detection of the occurrence of the determined triggering condition for each of one or more of the multiple subscribing hosts includes detecting that the subscribing host is experiencing adverse network traffic conditions that the subscribing host is unable to process.

6. The system of claim 5 , wherein the detecting that each of the one or more subscribing hosts is experiencing adverse network traffic conditions includes continually monitoring at least a portion of the network traffic directed to the subscribing host and evaluating the monitored network traffic to determine whether the current network traffic poses a risk to the subscribing host.

7. The system of claim 1 , wherein the one or more modules are further configured to periodically query each of one or more of the multiple subscribing hosts for its status, and wherein the detection of the occurrence of the determined triggering condition for each of the one or more subscribing hosts includes detecting an absence of a responsive communication from the subscribing host indicating its status.

8. The system of claim 1 , wherein the filtering of the network traffic rerouted to the subscription-based network protection service for each of one or more of the multiple subscribing hosts according to the determined set of rules corresponding to the subscribing host includes filtering the network traffic according to the determined set of rules to identify legitimate network traffic from illegitimate network traffic.

9. The system of claim 8 , wherein the forwarding of the at least some filtered network traffic to each of the one or more subscribing hosts includes forwarding to the subscribing host only network traffic identified as legitimate by the determined set of rules for the subscribing host.

10. The system of claim 8 , wherein the providing of the protective assistance to the one or more subscribing hosts further includes analyzing the network traffic rerouted to the subscription-based network protection service, and based on the analysis, determining additional rules for the determined set of rules corresponding to each of the one or more subscribing hosts for filtering network traffic directed to the subscribing host.

11. The system of claim 10 , wherein the providing of the protective assistance to each of the one or more subscribing hosts further includes identifying a rule of the determined set of rules corresponding to the subscribing host that is suitable for implementation by the subscribing host and providing the identified rule to the subscribing host.

12. The system of claim 1 , wherein the one or more modules are further configured to, for each of one or more of the multiple subscribing hosts, monitor for a withdraw condition directing the subscription-based network protection service to withdraw the protective assistance provided to the subscribing host and to, upon detection of the withdraw condition, withdraw the protective assistance provided to the subscribing host.

13. The system of claim 12 , wherein the withdrawing of the protective assistance provided to each of the one or more subscribing hosts includes causing network traffic directed to the subscribing host to be routed to the subscribing host without being received by the subscription-based network protection service.

14. The system of claim 12 , wherein the withdrawing of the protective assistance provided to each of the one or more subscribing hosts is performed in phases to ensure that the subscribing host is able to manage the network traffic without the protective assistance.

15. The system of claim 1 wherein the multiple subscribing hosts include a first subscribing host and a second subscribing host, wherein first information is obtained from the first subscribing host to configure the subscription-based network protection service to provide protective assistance to the first subscribing host in a first manner specific to the first subscribing host, and wherein second information is obtained from the second subscribing host to configure the subscription-based network protection service to provide protective assistance to the second subscribing host in a second manner specific to the second subscribing host, the second manner being distinct from the first manner.

16. The system of claim 15 wherein the providing of the protective assistance to the second subscribing host includes analyzing network traffic corresponding to the first subscribing host and, based on the analyzing of the network traffic, determining additional rules to add to the set of rules corresponding to the second subscribing host for filtering network traffic directed to the second subscribing host.

17. The system of claim 1 wherein the information obtained from each of the multiple subscribing hosts includes information related to a cost for the subscription-based network protection service to provide the protective assistance to the subscribing host.

18. A computer-implemented method for a subscription-based network protection service to protect multiple subscribing hosts on a network from adverse network traffic, the method comprising: for each of the multiple subscribing hosts, obtaining information from the subscribing host for use in configuring protective assistance provided by the subscription-based network protection service to the subscribing host; configuring the protective assistance provided to the subscribing host in a manner specific to the subscribing host, the configuring including determining from the obtained information a triggering condition corresponding to the subscribing host for providing the protective assistance; monitoring for an occurrence of the determined triggering condition for the subscribing host; and upon detecting the occurrence of the determined triggering condition for the subscribing host, providing the protective assistance to the subscribing host in the manner specific to the subscribing host, the providing of the protective assistance being performed by one or more configured computing devices of the network protection service and including: causing network traffic directed to the subscribing host to be rerouted to the one or more configured computing devices of the subscription-based network protection service, wherein network traffic directed to the subscribing host prior to the detecting of the triggering condition is not received by any of the one or more configured computing devices of the subscription-based network protection service; filtering the rerouted network traffic; and forwarding at least some some of the filtered network traffic to the subscribing host.

19. The method of claim 18 ; wherein, for each of one or more of the multiple subscribing hosts, the forwarding of the at least some filtered network traffic to the subscribing host includes forwarding some of the filtered network traffic to the subscribing host according to capacity of the subscribing host to process the filtered network traffic.

20. The method of claim 18 further comprising, for each of one or more of the multiple subscribing hosts, establishing a private communication connection with the subscribing host over the network, and wherein the forwarding of the at least some filtered network traffic to the subscribing host includes forwarding some of the filtered network traffic to the subscribing host over the private communication connection with the subscribing host.

21. The method of claim 18 further comprising, for each of at least some of the multiple subscribing hosts, determining a set of rules for filtering the rerouted network traffic for the subscribing host based at least in part on the obtained information from the subscribing host, and wherein the filtering of the rerouted network traffic for the subscribing host includes filtering the rerouted network traffic according to the set of rules determined for the subscribing host.

22. The method of claim 21 wherein, for each of the at least some subscribing hosts, at least some of the set of rules for the subscribing host are used to identify legitimate network traffic from illegitimate network traffic among the rerouted network traffic.

23. The method of claim 21 wherein, for each of the at least some subscribing hosts, the forwarding of the at least some filtered network traffic to the subscribing host includes forwarding only legitimate network traffic to the subscribing host.

24. The method of claim 21 further comprising, for each of the at least some subscribing hosts, analyzing the rerouted network traffic, and based on the analysis, adding additional rules to the set of rules for the subscribing host for use in filtering rerouted network traffic for the subscribing host.

25. The method of claim 24 further comprising, for each of one or more of the at least some subscribing hosts, identifying a rule from the set of rules for the subscribing host that is suitable for implementation by the subscribing host, and providing the identified rule to the subscribing host.

26. The method of claim 18 wherein, for each of one or more of the multiple subscribing hosts, the detecting of the occurrence of the determined triggering condition for the subscribing host includes detecting a network communication from the subscribing host requesting protective assistance for the subscribing host.

27. The method of claim 18 wherein, for each of one or more of the multiple subscribing hosts, the detecting of the occurrence of the determined triggering condition for the subscribing host includes receiving a communication from a user associated with the subscribing host requesting protective assistance for the subscribing host.

28. The method of claim 18 wherein, for each of one or more of the multiple subscribing hosts, the detecting of the occurrence of the determined triggering condition for the subscribing host includes detecting an absence of a periodic communication from the subscribing host indicating that protective assistance is not required.

29. The method of claim 18 wherein, for each of one or more of the multiple subscribing hosts, the detecting of the occurrence of the determined triggering condition for the subscribing host includes detecting that the subscribing host is experiencing adverse network traffic conditions.

30. The method of claim 29 wherein, for each of the one or more subscribing hosts, the detecting that the subscribing host is experiencing adverse network traffic conditions includes continually monitoring at least a portion of the network traffic directed to the subscribing host and evaluating the monitored network traffic to determine whether the current network traffic poses a risk to the subscribing host.

31. The method of claim 18 wherein, for each of one or more of the multiple subscribing hosts, the detecting of the occurrence of the determined triggering condition for the subscribing host includes transmitting periodic queries to the subscribing host for status of the subscribing host and detecting an absence of a responsive communication from the subscribing host indicating its status.

32. The method of claim 18 further comprising, for each of one or more of the multiple subscribing hosts, monitoring for a withdraw condition for withdrawing the protective assistance provided to the subscribing host, and upon detecting of the withdraw condition, withdrawing the protective assistance provided to the subscribing host.

33. The method of claim 32 wherein, for each of the one or more subscribing hosts, the withdrawing of the protective assistance provided to the subscribing host includes causing network traffic directed to the subscribing host to be routed to the subscribing host without being received by the one or more configured computing devices.

34. The method of claim 32 wherein, for each of the one or more subscribing hosts, the withdrawing of the protective assistance provided to the subscribing host is performed in phases to ensure that the subscribing host is able to manage the network traffic without the protective assistance.

35. A non-transitory computer-readable medium storing computer-executable instructions that when executed by a network server device configure the network server device to carry out a method for providing a subscription-based network protection service for multiple subscribing hosts, the method comprising: for each of the multiple subscribing hosts, obtaining information from the subscribing host for use in configuring protective assistance provided by the subscription-based network protection service to the subscribing host; configuring the protective assistance provided to the subscribing host in a manner specific to the subscribing host, the configuring including determining from the obtained information a triggering condition corresponding to the subscribing host for providing the protective assistance; monitoring for an occurrence of the determined triggering condition for the subscribing host; and upon detecting the occurrence of the determined triggering condition for the subscribing host, providing the protective assistance to the subscribing host in the manner specific to the subscribing host, the providing of the protective assistance including: causing network traffic directed to the subscribing host to be rerouted to the subscription-based network protection service; filtering the rerouted network traffic; and forwarding at least some of the filtered network traffic to the subscribing host.

36. The non-transitory computer-readable medium of claim 35 wherein, for each of one or more of the multiple subscribing hosts, the forwarding of the at least some filtered network traffic to the subscribing host includes forwarding some of the filtered network traffic to the subscribing host according to capacity of the subscribing host to process the filtered network traffic.

37. The non-transitory computer-readable medium of claim 35 wherein the method further comprises, for each of one or more of the multiple subscribing hosts, establishing a private communication connection with the subscribing host over a network, and wherein the forwarding of the at least some filtered network traffic to the subscribing host includes forwarding some of the filtered network traffic to the subscribing host over the private communication connection with the subscribing host.

38. The non-transitory computer-readable medium of claim 35 wherein the method further comprises, for each of at least some of the multiple subscribing hosts, determining a set of rules for filtering the rerouted network traffic for the subscribing host based at least in part on the obtained information from the subscribing host, and wherein the filtering of the rerouted network traffic for the subscribing host includes filtering the rerouted network traffic according to the set of rules determined for the subscribing host.

39. The non-transitory computer-readable medium of claim 38 wherein, for each of the at least some subscribing hosts, at least some of the set of rules for the subscribing host are used to identify legitimate network traffic from illegitimate network traffic among the rerouted network traffic.

40. The non-transitory computer-readable medium of claim 38 wherein, for each of the at least some subscribing hosts, the forwarding of the at least some filtered network traffic to the subscribing host includes forwarding only legitimate network traffic to the subscribing host.

41. The non-transitory computer-readable medium of claim 38 wherein the method further comprises, for each of the at least some subscribing hosts, analyzing the rerouted network traffic, and based on the analysis, adding additional rules to the set of rules for the subscribing host for use in filtering rerouted network traffic for the subscribing host.

42. The non-transitory computer-readable medium of claim 41 wherein the method further comprises, for each of one or more of the at least some subscribing hosts, identifying a rule from the set of rules for the subscribing host that is suitable for implementation by the subscribing host, and providing the identified rule to the subscribing host.

43. The non-transitory computer-readable medium of claim 35 wherein, for each of one or more of the multiple subscribing hosts, the detecting of the occurrence of the determined triggering condition for the subscribing host includes detecting a network communication from the subscribing host requesting protective assistance for the subscribing host.

44. The non-transitory computer-readable medium of claim 35 , wherein the detecting of the occurrence of the determined triggering condition includes receiving a communication from a user associated with the subscribing host requesting protective assistance for the subscribing host.

45. The non-transitory computer-readable medium of claim 35 wherein, for each of one or more of the multiple subscribing hosts, the detecting of the occurrence of the determined triggering condition for the subscribing host includes detecting an absence of a periodic communication from the subscribing host indicating that protective assistance is not required.

46. The non-transitory computer-readable medium of claim 35 wherein, for each of one or more of the multiple subscribing hosts, the detecting of the occurrence of the determined triggering condition for the subscribing host includes detecting that the subscribing host is experiencing adverse network traffic conditions.

47. The non-transitory computer-readable medium of claim 46 wherein, for each of the one or more subscribing hosts, the detecting that the subscribing host is experiencing adverse network traffic conditions includes continually monitoring at least a portion of the network traffic directed to the subscribing host and evaluating the monitored network traffic to determine whether the current network traffic poses a risk to the subscribing host.

48. The non-transitory computer-readable medium of claim 35 wherein, for each of one or more of the multiple subscribing hosts, the detecting of the occurrence of the determined triggering condition for the subscribing host includes transmitting periodic queries to the subscribing host for status of the subscribing host and detecting an absence of a responsive communication from the subscribing host indicating its status.

49. The non-transitory computer-readable medium of claim 35 wherein the method further comprises, for each of one or more of the multiple subscribing hosts, monitoring for a withdraw condition for withdrawing the protective assistance provided to the subscribing host, and upon detecting of the withdraw condition, withdrawing the protective assistance provided to the subscribing host.

50. The non-transitory computer-readable medium of claim 43 wherein, for each of the one or more subscribing hosts, the withdrawing of the protective assistance provided to the subscribing host includes causing network traffic directed to the subscribing host to be routed to the subscribing host without being received by the one or more configured computing devices of the subscription-based network protection service.

51. The non-transitory computer-readable medium of claim 43 wherein, for each of the one or more subscribing hosts, the withdrawing of the protective assistance provided to the subscribing host is performed in phases to ensure that the subscribing host is able to manage the network traffic without the protective assistance.

Patent Metadata

Filing Date

Unknown

Publication Date

November 13, 2012

Inventors

Paul G. Nordstrom

Colin Bodell

Craig A. Woods

Want to explore more patents?

Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.

Browse All Patents Try Prior Art Search